search

bonartm / quizdown-js

Markdown syntax for generating interactive quizzes in the browser
https://bonartm.github.io/quizdown-live-editor/
MIT License
93 stars 25 forks source link

HTML Injections #55

Open FuadEfendi opened 4 weeks ago

FuadEfendi commented 4 weeks ago

Please try Quiz at bottom of this page: https://javascripttypescriptbooks.com/2/4/2/2/

It is broken; footer is not shown; and it is because of HTML Injections, HTML tags are not escaped. When I try to escape it, JavaScript shows "escaped" too such as in this example: Place scripts in the <head>

### Where is it recommended to place non-essential internal scripts for optimal page load performance?

- [ ] In the `<head>` section
- [x] At the end of the `<body>` section
- [ ] In an external file
- [ ] In a `<div>` element

> **Explanation:** Placing non-essential scripts at the end of the `<body>` allows the HTML content to load first, improving perceived performance.
FuadEfendi commented 4 weeks ago

Ok I know how to fix it, I need to use escaped &lt;head&gt; in Markdown. "User error"; please close this issue.

FuadEfendi commented 4 weeks ago

Finally I reported this bug and workaround to Hugo: https://discourse.gohugo.io/t/fake-replace-fixes-possible-bug-with-shortcodes/52155